New Year Sale - Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70dumps

SPLK-3003 Questions and Answers

Question # 6

How could a role in which all users must specify an index=clause in all searches be configured?

A.

Set the authorize.conf setting: srchIndexesDefault to no value.

B.

Set the authorize.conf setting: srchFilter to no value.

C.

Set the authorize.conf setting: srchIndexesAllowed to no value.

D.

Set the authorize.conf setting: srchJobsQuota to no value.

Full Access
Question # 7

Which of the following server.conf stanzas indicates the Indexer Discovery feature has not been fully configured (restart pending) on the Master Node?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 8

A working search head cluster has been set up and used for 6 months with just the native/local Splunk user authentication method. In order to integrate the search heads with an external Active Directory server using LDAP, which of the following statements represents the most appropriate method to deploy the configuration to the servers?

A.

Configure the integration in a base configuration app located in shcluster-apps directory on the search head deployer, then deploy the configuration to the search heads using the splunk apply shcluster- bundle command.

B.

Log onto each search using a command line utility. Modify the authentication.conf and

authorize.conf files in a base configuration app to configure the integration.

C.

Configure the LDAP integration on one Search Head using the Settings > Access Controls > Authentication Method and Settings > Access Controls > Roles Splunk UI menus. The configuration setting will replicate to the other nodes in the search head cluster eliminating the need to do this on the other search heads.

D.

On each search head, login and configure the LDAP integration using the Settings > Access Controls > Authentication Method and Settings > Access Controls > Roles Splunk UI menus.

Full Access
Question # 9

A [script://] input sends data to a Splunk forwarder using which method?

A.

UDP stream

B.

TCP stream

C.

Temporary file

D.

STDOUT/STDERR

Full Access
Question # 10

A customer would like Splunk to delete files after they’ve been ingested. The Universal Forwarder has read/ write access to the directory structure. Which input type would be most appropriate to use in order to ensure files are ingested and then deleted afterwards?

A.

Script

B.

Batch

C.

Monitor

D.

Fschange

Full Access
Question # 11

A customer is using both internal Splunk authentication and LDAP for user management.

If a username exists in both $SPLUNK_HOME/etc/passwd and LDAP, which of the following statements is accurate?

A.

The internal Splunk authentication will take precedence.

B.

Authentication will only succeed if the password is the same in both systems.

C.

The LDAP user account will take precedence.

D.

Splunk will error as it does not support overlapping usernames

Full Access
Question # 12

A customer wants to migrate from using Splunk local accounts to use Active Directory with LDAP for their Splunk user accounts instead. Which configuration files must be modified to connect to an Active Directory LDAP provider?

A.

authentication.conf, authorize.conf, ldap.conf

B.

authentication.conf, ldap.conf

C.

authentication.conf

D.

authorize.conf, authentication.conf

Full Access